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(54) Abstract Title: Network connection management system 



(57) A network connection management system is 
capable of performing control of connection or 
access to a networic easily without requiring a 
dedicated device. A user wishing to access an 
Information server uses a portable communication 
terminal 1 to send ID information and location 
Information S1 1 to the server where it is received 

531. ID information of the user, location information 
of major accessible places, and access levels based 
upon the ID information, the location Information, 
and time information are stored in advance In the 
information server. The information server 
determines whether permission is to be granted, 
and if so sends connection permission information 

532, which is based upon the ID information and 
the location information of the user, to the terminal. 
Upon receiving the connection permission 
Information in the portable terminal, the user makes 
connection S21 to the information server from 
information processing apparatus 2 via a 
communication network 100 by sending the 
connection permission information. No dedicated 
authentication device, e.g. fingerprint or card 
reader, is required at the information processing 
apparatus. 
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NETWORK ODNNECTION MANAGEMENT SYSTEM AND NETWORK CONNECTION 
MANACSEHENT METHOD USED THEREFOR 

BACKGROUND OP THE INVENTION 
Field of the Invention 
5 The present invention relates to a network connection 

management system and a network connection management method 
used therefor , and in particular to araethod of preventing illegal 
connection to a network. 

Description of the Related Art 

10 In recent years , as means for preventing illegal connection 

to a network, a fingerprint reader, an ID card reader, or the 
like are used. That is, authentication of an identification 
of a user is performed by lifting a fingerprint of the user with 
the fingerprint reader or by causing the user to insert an ID 

15 card distributed to each user into the ID card reader to read 
contents of the ID card with the ID card reader. 

In addition, following the development of a network 
(information ccmrmunication network) , places \irtiere users carry 
out jobs or the like have expanded from offices to other places 

20 such as homes of the users and satellite offices. 

However, in the conventional method of preventing illegal 
connection to anetwork , a dedicated device such as the fingerprint 
reader or the ID card reader is required as the means for preventing 
illegal connection to a network, and control of connection or 

25 access to a network cannot be performed easily. 
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BRIEF SUMMARY OF THE INVENTION 
It is an object of the present Invention to solve the 
above -described problem and provide a network connection 
manageinent system, vrtiichcan easily perform control of connection 
or access to a network without requiring a dedicated device, 
and a network connection management method used therefor. 

A network connection management system according to the 
present invention includes: a portable communication teiroinal 
including a location information detecting unit which detects 
location information of the terminal ; on access management server 
v*iich , upon judging that connection to a network is to be permitted 
based upon a communication network connection request including 
at least ID inf oirmation emd location information from the portable 
communication terminal, sends to the portable communication 
terminal connection permission Information for permitting 
connection to the network; and an information processing 
apparatus for maJcing connection to the network by sending the 
connection permission information obtained by the portable 
communication terminal. 

A network connection management method according to the 
present invention includes, upon judging that connection to a 
network is to be permitted based upon a communication network 
connection request including at least ID information and location 
information from a portable communication terminal including 
a location information detecting unit which detects location 
information of the terminal, sending connection permission 
information, which permits connection to the network, to the 
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portable communication terminal f rcan an access management server 
for managing the connection permission information; and making 
connection to the network by sending the connection permission 
information, which is obtained by the portable communication 
terminal, from an information processing apparatus. 

That is , the network connection meinagement system according 
to the present invention makes it possible to perform control 
of access to a network easier by utilizing the portable information 
terminal provided with the location information detecting unit . 

In addition, the network connection management system 
according to the present invention makes it possible to perform 
attendance management of a user appropriately by managing steurt 
time and end time of access to the network based upon the location 
information. 

Consequently , the network connection management system 
according to the present invention makes it possible to perform 
management of access to the network easily by utilizing the 
portable Information terminal provided with the location 
information detecting unit without depending upon a dedicated 
device such as a fingerprint reader or an ID card reader. 

In addition, in the network connection management system 
according to the present invention, even in the case in w*iich 
start time and end time of access to the network are managed 
to perform arrival and departure management (attendance 
management) of a user, since access is also confirmed according 
to location information of the portable information terminal, 
for example , it becomes possible to eliminate access from places 



other thcin those designated in advance (access other than that 
for business) and to perform appropriate management. 



BRIEF DESCRIPTICX4 OF THE DRAWINGS 
In the accompanying drawings; 

FIG . 1 is a block diagram showing a configuration of a network 
connection management system according to an embodiment of the 
present invention; 

FIG. 2 is a block diagram showing a configuration of a 
portable communication terminal of FIG. 1; 

FIG. 3 is a block diagram showing a configuration of an 
information server apparatus of FIG. 1; and 

FIG. 4 is a flowchart showing operations of the network 
connection management system according to the embodiment of the 
present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
An embodiment of the present invention will be hereinafter 
described with reference to the accompanying drawings. FIG. 

1 is a block diagram showing a configuration of a network 
connection management system according to the embodiment of the 
present invention . in FIG . 1 , the network connection management 
system according to the embodiment of the present invention mainly 
Includes : a portable communication terminal 1 provided with a 
location information detecting unit; an Information processing 
appeuratus 2 such as a personal computer; an information server 
apparatus 3; and a communication network 100 such as the Internet 
connecting these terminal and apparatuses each other. It is 
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assumed that the portable communication terminal 1 and the 
information processing apparatus 2 are located in a satellite 
office D. 

FIG. 2 is a block diagram showing a configuration of the 
portable comrounioation terminal 1 of FIG. 1. In PIG. 2, the 
portable communication terminal 1 is a browser phone connectable 
to the coinraunication network 100 and mainly includes : an antenna 
11; a radio unit (transmitted and received data processing unit) 
12; a location information detecting unit (GPSs Global 
Positioning System) 13; a display processing unit (display unit) 
14; a voice processing unit (speaker) 15; an operation unit 16; 
a storage unit 17; and a control unit 18. 

The radio unit 12 includes a transmission and reception 
circuit and the like and is connected to the communication network 
100 to perform transmission and reception of a phone call or 
data. The location information detecting unit 13 performs 
detection of location information with the GPS. As means for 
detecting the location information of the terminal 1 , a method 
other than the GPS may be adopted. 

The display processing unit 14 processes image data or 
character data and causes the display unit to display the proces s ed 
data. The voice processing unit 15 processes voice and musical 
sound data. The operation unit 16 performs an input operation 
of various instructions and information with respect to the 
portable communication terminal 1. The storage unit 17 stores 
various data, and the control unit 18 controls the respective 
parts of the portable communication terminal 1. 
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PIG. 3 is a block diagreim showing a configuration of the 
information server apparatus 3 of FIG. 1. In FIG. 3, the 
information server apparatus 3 is mainly constituted by an 
information processing apparatus such as a work station server 
5 and mainly includes an I/F (interface) unit 31, a DB (database) 
unit 32, a connection permission information storage unit 33, 
a user information storage unit 34, and a control unit 35. 

The I/F unit 31 is a coinrainicatlon interface which is used 
vAien data is sent and received between the information server 
10 apparatus 3 and the coramunicatlon network 100. The DB unit 32 
has a plurality of information storage areas (area A, area B, 
area C , etc . ) . 

The connection permission Information storage unit 33 
stores ID information of a user, an access level according to 
15 location information of the user, connection permission 

information (password), and the like. The user information 
storage unit 34 stores ID information and location information 
of a user as well as connection start time and connection end 
time of the user. The control unit 35 controls the respective 
20 parts of the information server apparatus 3. 

It is assumed that the control unit 35 is provided with 
a function for measuring time, and the connection permission 
Information (password) stored by the connection permission 
Information storage unit 33 is updated periodically or every 
25 time the information processing apparatus 2 is connected to the 
communication network. 

PIG. 4 is a flowchart showing operations of the network 
connection management system according to the embodiment of the 
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present invention. The operations of the network connection 
management system according to the embodiment of the present 
invention will be described with reference to PIGS. 1 to 4. 
Auser, who wishes to access the infonnatlon server apparatus 
5 3 from a desk of the user in an office, a conference room, a 
home of the user, a satellite office D, or the like, uses the 
portable communication terminal 1 to send the ID information 
and location information of the user (step Sll in FIG. 4). 
The connection permission information storage unit 33 of 

10 the information server appeuratus 3 stores the ID infonnatlon 
of each user , the location Infonnatlon of major accessible places 
(the desk of the user, the conference room, the satellite office 
D, the home of the user, other places, etc. ) , and access levels 
(e.g., access permitted to area A, access permitted to areas 

15 A and B, access not pexmitted, etc.) to the DB unit 32 based 
upon the ID information, the location information, and the time 
infonnatlon in advance. 

The information server apparatus 3 judges propriety of 
connection to the communication network 100 (DB unit 32) based 

20 upon the ID information and the location information received 
from the terminal 1 and contents stored in the connection 
permission information storage unit 33 and, when it Is judged 
that the connection to the communication network 100 is to be 
permitted, sends the connection permission information to the 

25 portable communication terminal 1 (steps S31 and S32 in FIG. 
4). 

It is assumed that the connection pezmlsslon information 
sent to the portable communication terminal 1 by the information 
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server apparatus 3 is updated periodically or every time the 
information processing apparatus 2 is connected to the 
communication network . The connection pexniission information 
maybe generated anew when it is sent to the portable communication 
5 terminal 1. 

Upon receiving the connection permission dLnfonnation in 
the portable coimunication terminal 1 (step S12 in FIG. 4), the 
user makes connection to the information server apparatus 3 from 
the information processing apparatus 2 via the communication 
10 network 100 based upon the connection permission information 
and carries out jobs or the like (steps S21, S22. and S33 to 
S36 in FIG. 4). 

In this case, time when the user starts connection to the 
information server apparatus 3 form the information processing 
1 5 apparatus 2 and time when the user ends the connection are recorded 
in the user information storage \anit 34 of the information seirver 
apparatus 3 together with the location Information of the portable 
comminication terminal 1 (steps S3 4 and S36 in FIG. 4). 

In this way, in this embodiment , access to the communication 
20 network 100 can be managed easily by using the portable 

conmunication terminal 1 provided with the location information 
detection unit 13 without depending upon a dedicated device such 
ixs a fingerprint reader or an ID card reader. 

In addition. In this embodiment, even in the case in vAiich 
25 steirt time and end time of access to the communication network 
100 are managed to perfoira arrival and departure management 
( attendance management ) of a user , since access is also confirmed 
according to location Information of the portable information 
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terminal 1 , for example . It becomes possible to eliminate access 
from places other than those designated in advance (access other 
than that for business ) eund to perf oxia appiroprlate management . 
As described above, according to the present Invention. 
5 there is an effect that control of connection or access to the 
network can be performed eas ily without us ing a dedicated device . 
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CLAIMS 

1. A network connection management system con^prlsing: 
a portable communication terminal including location 

information detecting means which detects location information 
of the terminal; 

an access memageraent server which, upon judging that 
connection to a network is to be permitted based upon a 
communication network connection request including at least ID 
information and location information from said portable 
communication terminal, sends to said portable comntunication 
termlnea connection permission information for permitting 
cotmection to said network; and 

an information processing apparatus for making connection 
to said network by sending the connection permission information 
obtained by said portable c<Miniunication terminal. 

2 . The network connection management system according to claim 
1, 

wherein said access management server chemges the 
connection permission information periodically. 

20 3 . The network connection management system according to claim 
1, 

wherein said access management server changes the 
connection permission information every time said information 
processing apparatus is connected to said network. 
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4 . The network connection management system according to claim 
1, 

wherein said access management server Includes means for 
recording start time and end time of connection to said network 
5 by said Information processing apparatus and performs attendance 
management of a user of said information processing appeiratus 
based upon the recorded start time and end time of connection. 

5 . The network connection management system according to claim 
1, 

10 wherein said access management server Includes information 

storage means having a plurality of Information areas and controls 
an access level to the information areas of said information 
storagemeans accordlngtoat least one of the location Information 
from said portable communication terminal and timie Information. 

15 6. A network connection meuiagement method ccMiqprlslng : 

upon judging that connection to a network Is to be permitted 
based upon a conmunlcatlon network connection request Including 
at least ID information and location information from a portable 
comnunlcatlon terminal Including location information detecting 

2 0 means which detect s locat ion information of the terminal . sending 
connection permission Information, vAilch permits connection to 
S2d.d network, to said portable communication terminal from an 
access management seirver for managing the connection permission 
information; and 

2 5 making connection to said network by sending the connection 

permission information, which is obtained by said portable 
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communication termin2il. from an Information processing 
apparatus . 

7 . The network connection management method according to claim 
6, 

5 wherein said access management server chemges the 

connection permission infoxmation periodically. 

8 . The network connection management method according to claim 
6, 

wherein said access management server changes the 
10 connection permission Information every time said Infoxmation 
processing apparatus is connected to said network. 

9 . The network connection management method according to claim 
6, 

wherein said access management server records start time 
15 and end time of connection to said network by said information 
processing apparatus zmd performs attendance meinagement of a 
user of said information processing apparatus based upon the 
recorded start time and end time of connection. 

1 0 . The network connect ion management method according to claim 
20 6, 

wherein said access memagement server controls eui access 
level to information areas of information storage means of said 
access management server according to at least one of the location 
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information from said portable communication terminal and 
time information. 

11. An access management server for use in a network 
management system in accordance with claim 1, the server 

5 comprising means for receiving from a portable communication 
terminal a connection request comprising ID information and 
location information, means for comparing the said ID and 
location information with pre-stored information and 
determining therefrom whether access is to be permitted, 

10 means operable if access is to be permitted for transmitting 
permission information to the portable communication 
terminal from which the request was received, and means 
responsive to receipt of a connection attempt from 
information processing apparatus for enabling the attempted 

15 connection provided that the connection attempt includes the 
permission information. 

12. A network connection management system, or an access 
management server therefor, substantially as herein 
described with reference to the drawings. 

20 13. A network connection management method substantially as 
herein described with reference to the drawings. 




Application No: GB 0314169.4 Examiner: Matthew Nelson 

Claims searched: 1-13 Date of search: 23 September 2003 



Patents Act 1977 : Search Report under Section 17 

Documents considered to be relevant; 



Category 


Relevant 
to claims 


Identity of document and p 


assage or figure of particular relevance 


A, P 




US 20020138632 Al 


(BADE et ai) See whole document. 


A 




US 20020055987 A 1 


(TSUJISAWA) See whole document. 


A 




JP 2002101091 A 


(HITACHI) See supplied online abstract and 
JPO translation. 


A 




JP 2001003615 A 


(NEC) See supplied online abstract and JPO 
translation. 



X Document indicating lack of novelty or invett 


weBlep A OacumeM indicating lecluialosicallncfcgnxind and/or slate of the ait 


Y Document indicatln( hck of InvcoUve «lep if 
witli one or more other documenu ofiame ci 


sombined P Document publixlied on or after the declared priority dale but before 
tegoiy . the filing date of tiiia invention, 


& Member of the same patent family 


E Patent document pubUihed on or alter, but wiUi priority date earlier 
than, the filing date of tMt application. 


Field of Search: 

Search of GB, EP, WO & US patent docu 


iments classifietl in the following areas of the UKC^: 


G4A; H4L; H4P I 


Worldwide search of patent documents c1 


issified in the following areas of the IPC : 



|G06P; H04L; H04Q 



The following online and other databases have been used in the preparation of this search report ; 
WPI. EPODOC, JAPIQ 



An Executive Agency of the Departmeni of Trade and Industry 



